15Feb 2013

chuck.braden

Zero day vulnerability for Adobe Acrobat and Reader currently being exploited – Feb 14

On February 12, several sources identified a zero-day vulnerability for all versions Adobe Acrobat and Reader that was being actively exploited. As of February 14, Adobe had yet to provide details on when a patch was expected to be released. Mitigation practices provided by the vendor consisted of turning on the Protected View feature for Adobe Reader and Acrobat versions 11.0 or later http://www.adobe.com/support/security/advisories/apsa13-02.html

Acrobat and Reader versions prior to 11 are also vulnerable but the protected view functionality was not available in any version prior to 11. It is strongly suggested that staff be cautioned to update to version 11.x for these products and also to not open PDF files from unknown sources.